Amendments to the Claims 



Kindly add new claims 1 1 and 12, and amend claims 1, 3 and 7-10, as set forth 
below. In compliance with the Revised Amendment Format published in the Official Gazette 
on February 25, 2003, a complete listing of claims is provided herein. The changes in the 
amended claims are shown by strikethrough (for deleted matter) and underlining (for added 
matter). 

1 . (Currently Amended) A method for providing security services in a clustered 
data processing environment, said method comprising the steps of : 

providing an access program layer on at l e ast two data proc e ssing nodes of 
said clust e red environment said layer presenting a consist e nt s e curity int e rface, from 
at l e ast two of said node s to two at l e ast two typ e s of s e curity program module which 
implem e nt a security service on differ e nt nodes within said clust e r, to applications 
which run on said nod e s and which acc e ss a same on e of said at l e ast two types of 
security program modules on diff e r e nt nodes, through said consistent interface; and 

providing at least one adapt e r module for e ach security program module, 
wherein said at least one adapter modul e maps paramet e rs of said security s e nde e to 
said security int e rfac e , whereby applications running on diff e r e nt nodes do not 
requir e modification to use diff e r e nt s e curity program modul e s. providinR an access 
program layer on one data processing node running an application client and another 
data processing node running an application server, said access program layer 
presenting a consistent security interface to said application client and said 
application server, said consistent security interface representing a security 
mechanism common to said application client and said application server, wherein 
said application client has one set of security mechanisms available thereto and said 
application server has another set of security mechanisms available thereto, and 
wherein at least one of the one set of security mechanisms and the another set of 
security mechanisms comprises a plurality of security mechanisms; and 
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providing an adapter module for the common security mechanism, said 
adapter module mapping one or more parameters of a security service implemented 
by the common security mechanism to said consistent security interface, whereby 
applications running on the one data processing node and the another data processing 
node do not require modification to use different security mechanisms. 

2. (Original) The method of claim 1 in which there are a plurality of more than 
two of said data processing nodes. 

3. (Currently Amended) The method of claim 1 in which ther e are each set of 
security mechanisms comprises a plurality of security program modul e s niechanisms . 

4. (Original) The method of claim 1 in which there are a plurality of said 
adapter modules. 

5. (Original) The method of claim 1 in which said access program layer includes 
authentication and authorization services through said security interface. 

6. (Original) The method of claim 1 in which said access program layer includes 
access control services through said security interface. 

7. (Currently Amended) The method of claim 6 in which said access control list 
services includes entries grouped by at least one characteristic selected from the group 
consisting of type, mechanism, identity and permission bit mask. 

8. (Currently Amended) The method of claim 1 in which said access program 
layer loads one or more security program modules identified through said security interface. 

9. (Currently Amended) A computer readable medium having computer 
executable instructions causing a computer to provide an access program layer on at l e ast two 
data processing nod e s of said clustered environm e nt, said layer presenting a consist e nt 
security interface, from at least two of said nodes to two at least two types of security 
program module which implem e nt a security s ervice on diff e rent nodes within s aid clust e r, to 
applications which run on said nodes and which access a same on e of said at least two typ e s 
of security program modul e on different nod es , through said consi s t e nt interfac e ; and to 
provid e at l e ast on e adapter modul e for e ach s e curity program modul e , wh e r e in said at l e ast 
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on e adapt e r modul e maps param e t e rs of said se curity s e rvic e to s aid s ecurity int e rfac e , 
wh e reby application s running on different nod e s do not r e quir e modification to us e differ e nt 
security program modul e s, an access program layer on one data processing node running an 
application client and another data processing node running an application server, said access 
program layer presenting a consistent security interface to said application client and said 
application server, said consistent security interface representing a security mechanism 
common to said application client and said application server, wherein said application client 
has one set of security mechanisms available thereto and said application server has another 
set of security mechanisms available thereto, and wherein at least one of the one set of 
security mechanisms and the another set of security mechanisms comprises a plurality of 
security mechanisms; and to provide an adapter module for the common security mechanism, 
said adapter module mapping one or more parameters of a security service implemented by 
the common security mechanism to said consistent security interface, whereby applications 
running on the one data processing node and the another data processing node do not require 
modification to use different security mechanisms, 

10. (Currently Amended) A multinode data processing system whose memory 
contains programming to provide an acc e s s program layer on at least two data proc es sing 
nod e s of s aid cluster e d e nvironment, said lay e r pr e s e nting a consi s tent s e curity interfac e , 
from at least two of said nod e s to two at l e ast two typ e s of s e curity program modul e which 
impl e ment a s e curity s e rvic e on diff e rent nodes within s aid clust e r, to applications which run 
on said nod e s and which acce s s a sam e one of said at least two typ e s of s ecurity program 
module on different nod e s, through said consist e nt int e rface; and to provide at l e ast one 
adapt e r modul e for e ach s e curity program module, wh e r e in said at l e a s t one adapt e r modul e 
maps parameters of s aid security service to said s e curity int e rfac e , wher e in applications 
running on differ e nt nod e s do not r e quire modification to us e diff e r e nt security program 
module s , an access program layer on one data processing node running an application client 
and another data processing node running an application server, said access program layer 
presenting a consistent security interface to said application client and said application 
server, said consistent security interface representing a security mechanism common to said 
application client and said application server, wherein said application client has one set of 
security mechanisms available thereto and said application server has another set of security 
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mechanisms available thereto, and wherein at least one of the one set of security mechanisms 
and the another set of security mechanisms comprises a plurality of security mechanisms; 
and to provide an adapter module for the common security mechanism, said adapter module 
mapping one or more parameters of a security service implemented by the common security 
mechanism to said consistent security interface, whereby applications running on the one 
data processing node and the another data processing node do not require modification to use 
different security mechanisms. 

1 1 . (New) The method of claim 1 , further comprising using the access program 
layer by the application client and the application server to determine one or more security 
mechanisms of the one set of security mechanisms and the another set of security 
mechanisms that are common to the application client and the application server, and to 
negotiate between themselves which security mechanism of the one or more common 
security mechanisms is to be used as the common security mechanism. 

12. (New) The method of claim 1, further comprising providing at least one 
adapter module for each security mechanism of the one set of security mechanisms and the 
another set of security mechanisms. 
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